summaryrefslogtreecommitdiffstats
path: root/default.nix
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2015-10-20 23:47:29 +0200
committerlassulus <lass@aidsballs.de>2015-10-20 23:47:29 +0200
commitf6187b3796edcfcce71bd239bbc1e793e6bb806a (patch)
tree5e997809616c2d977c5d34bca8b7d8acbd9b7e1a /default.nix
parent281ba78969e0c0233fef0746d42f0ec85179b1bd (diff)
parentfc45cc29265e9b3e51033fddd5d8ea1042c1aa41 (diff)
Merge remote-tracking branch 'cd/master'
Diffstat (limited to 'default.nix')
-rw-r--r--default.nix132
1 files changed, 86 insertions, 46 deletions
diff --git a/default.nix b/default.nix
index 841882f54..11bae7d98 100644
--- a/default.nix
+++ b/default.nix
@@ -1,72 +1,112 @@
+# Welcome to the top-level default.nix of stockholm.
+#
+# You can discover the whole thing easily using the `get` utility,
+# which can be found at http://cgit.cd.krebsco.de/get/tree/get
+# To install `get` on any Nix-enabled system, use:
+#
+# nix-env -f /path/to/stockholm -iA pkgs.get
+#
+# The "current" arguments are used to provide information about the user who's
+# evaluating this file. This information is used to determine which user
+# namespace is to be used. Of course there's nothing trying to prevent you
+# from forging this information. E.g. you could try to generate the deployment
+# script for some random user's system, targeting some random host:
+#
+# LOGNAME=tv get krebs.deploy system=nomic target=8.8.8.8
+#
{ current-date ? abort "current-date not defined"
, current-host-name ? abort "current-host-name not defined"
, current-user-name ? builtins.getEnv "LOGNAME"
-}:
+}@current:
-assert current-user-name != "";
+let stockholm = {
+ # The generated scripts to deploy (or infest) systems can be found in the
+ # `krebs` attribute. There's also an init script, but it's in its early
+ # stages, not well integrated and mostly useless at the moment. :)
+ #
+ # You'll also find lib here, which is nixpkgs/lib + krebs lib, but nobody
+ # is really accessing this directly, as this lib gets reexported below.
+ inherit krebs;
-let
- lib = import <nixpkgs/lib>;
- klib = import ./krebs/4lib { inherit lib; };
-in with klib; let
+ # All systems of all users can be found here.
+ #
+ # /!\ Please note that `get users.${user-name}.${host-name}.system` is a
+ # bad idea because it will produce vast amounts of output. These are the
+ # actual and complete system derivations that can be installed on the
+ # respective host.
+ #
+ # Another thing to notice here is that other user's systems might not be
+ # evaluable because of missing secrets. If you _are_ able to evaluate
+ # another user's system, then you probably share a similar naming scheme
+ # for your secret files! :)
+ inherit users;
- nspath = ns: p: ./. + "/${ns}/${p}";
- kpath = nspath "krebs";
- upath = nspath current-user-name;
+ # Additionally, output lib and pkgs for easy access from the shell.
+ # Notice how we're evaluating just the base module to obtain pkgs.
+ inherit lib;
+ inherit (eval {}) pkgs;
+ };
+
+ krebs = import ./krebs (current // { inherit stockholm; });
+ inherit (krebs) lib;
+
+ # Path resolvers for common and individual files.
+ # Example: `upath "3modules"` produces the current user's 3modules directory
+ kpath = lib.nspath "krebs";
+ upath = lib.nspath current-user-name;
- stockholm = {
+ # This is the base module. Its purpose is to provide modules and
+ # packages, both common ones, found in krebs/ as well as the current user's,
+ # found in the user's namespace.
+ base-module = {
imports = map (f: f "3modules") [ kpath upath ];
nixpkgs.config.packageOverrides = pkgs:
let
+ # Notice the ordering. Krebs packages can only depend on Nixpkgs,
+ # whereas user packages additionally can depend on krebs packages.
kpkgs = import (kpath "5pkgs") { inherit pkgs; };
upkgs = import (upath "5pkgs") { pkgs = pkgs // kpkgs; };
in
kpkgs // upkgs;
};
- out =
- { inherit (eval {}) config options pkgs; } //
- lib.mapAttrs
- (name: _:
- if builtins.pathExists (nspath name "default.nix")
- then import (nspath name "default.nix")
- else import-1systems (nspath name "1systems"))
- (lib.filterAttrs
- (n: t: !lib.hasPrefix "." n && t == "directory")
- (builtins.readDir ./.));
-
- eval = path: import <nixpkgs/nixos/lib/eval-config.nix> {
+ # The above base module is used together with a NixOS configuration to
+ # produce a system. Notice how stockholm really just provides additional
+ # packages and modules on top of NixOS. Some of this stuff might become
+ # useful to a broader audience, at which point it should probably be merged
+ # and pull-requested for inclusion into NixOS/nixpkgs.
+ # TODO provide krebs lib, so modules don't have to import it awkwardly
+ eval = config: import <nixpkgs/nixos/lib/eval-config.nix> {
modules = [
- stockholm
- path
+ base-module
+ config
];
};
- import-1systems = path: lib.mapAttrs (_: mk-system) (nixDir path);
+ # Any top-level directory other than krebs/ is considered to be a user
+ # namespace, configuring a bunch of systems.
+ # Have a look at the definition of install in krebs/default.nix to see how
+ # nix-env is using this attribute set to obtain the system to be installed.
+ # TODO move user namespaces' to users/, so no exception for krebs/ is needed
+ users =
+ lib.mapAttrs
+ (name: _: eval-all-systems (lib.nspath name "1systems"))
+ (lib.filterAttrs
+ (n: t: !lib.hasPrefix "." n && t == "directory" && n != "krebs")
+ (builtins.readDir ./.));
+
+ # Given a path to a user namespace, provide an attribute of evaluated
+ # system configurations, keyed by system names (AKA host names).
+ eval-all-systems = path:
+ lib.mapAttrs'
+ (n: _: (lib.nameValuePair (lib.removeSuffix ".nix" n)
+ (eval-system (path + "/${n}"))))
+ (builtins.readDir path);
- mk-system = path: rec {
+ eval-system = path: rec {
inherit (eval path) config options;
system = config.system.build.toplevel;
- fetch = import ./krebs/0tools/fetch.nix { inherit config lib; };
};
- nixDir = path:
- builtins.listToAttrs
- (catMaybes
- (lib.mapAttrsToList
- (k: v: {
- directory =
- let p = path + "/${k}/default.nix"; in
- if builtins.pathExists p
- then Just (lib.nameValuePair k p)
- else Nothing;
- regular =
- let p = path + "/${k}"; in
- if lib.hasSuffix ".nix" p
- then Just (lib.nameValuePair (lib.removeSuffix ".nix" k) p)
- else Nothing;
- }.${v} or Nothing)
- (builtins.readDir path)));
-
-in out
+in stockholm